malwarewikiaorg-20200223-history
SpartCript
SpartCript or SpartCrypt is a ransomware that runs on Microsoft Windows. It was discovered by S!Ri. It is part of the HiddenTear family. It uses code of Jigsaw, Crypto, CyberResearcher, Executioner, Resurrection, and Ryzerio. It is aimed at English-speaking users. It uses a ransom note similar to Phobos. Payload Transmission SpartCript is distributed by hacking through an unprotected RDP configuration, using email spam and malicious attachments, deceptive downloads, botnets, exploits, malicious ads, web injects, fake updates, repackaged and infected installers. Infection SpartCrypt encrypts victim's data and renames all encrypted files by adding its name, email address of its developers, victim's ID and ".Encrypted" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.SpartCryptLordCracker@protonmail.com-ID-1E857D00.Encrypted", and so on. Also, it creates a text (.txt) file titled "How_To_Restore_Your_Files.txt" and displays a pop-up window, both of them contain information on how to contact SpartCrypt and other details. Cyber criminals who designed SpartCrypt can be contacted via furhlordcracker@protonmail.com and phabos@cock.li email addresses. Victims have to send them the appointed unique ID and can attach up to 5 files. These cyber criminals offer to decrypt them for free. After that they will name the price of a decryption, it is stated that it depends on how fast they will be contacted. Either way, they promise to send decryption tool after a payment which must be using Bitcoin cryptocurrency. Text presented in SpartCrypt ransomware's pop-up window: All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail LordCracker@protonmail.com - Phabos@cock.li Write this ID in the title of your message - You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files. Free decryption as guarantee Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. hxxps://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/ Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. Text in How_To_Restore_Your_Files.txt: SpartCript + All Your Files Have Been Encrypted + - Do You Really Want To Restore Your Files? - Write Us To The E-Mail : LordCracker@protonmail.com - Phabos@cock.li - Write Your Unique-ID In The Title Of Your Message. + Unique-ID : - - You Have To Pay For Decryption In Bitcoins. - The Price Depends On How Fast You Write To Us. - After Payment We Will Send You The Decryption Tool That Will Decrypt All Your Files. ---------- + Free Decryption As Guarantee + + Before Paying You Can Send Us Up To 5 Files For Free Decryption, The Total Size Of Files Must Bee Less Than 10MB, (Non Archived) And Files Should Not Contain Valuable Information (Databases, Backups, Large Excel -Sheets, Etc). ---------- - The Easiest Way To Buy Bitcoins Is LocalBitcoins Site : hxxps://localbitcions.com/buy_bitcoins You Have To Register, Click 'Buy Bitcoins', And Select The Seller By Payment Method And Price. - Also You Can Find Other Places To Buy Bitcoins And Beginners Guide Here: hxxp://coindesk.com/information/how-can-i-buy-bitcoins ---------- - Do Not Rename Encrypted Files. - Do Not Try To Decrypt Your Data Using Third Party -Software, It May Cause Permanent Data Loss. - Decryption Of Your Files With The Help Of Third Parties May Cause Increased Price (They Add Their Fee To Our) Or You Can Become A Victim Of A Scam. Category:Ransomware Category:Win32 ransomware Category:Win32 Category:Win32 trojan Category:Microsoft Windows Category:Trojan Category:Assembly